1©2018 Check Point Software Technologies Ltd.©2019 Check Point Software Technologies Ltd.
SECURITY AS AN
ACCELERATOR FOR
CLOUD ADOPTION
Petr Kadrmas | SE Eastern Europe
pkadrmas@checkpoint.com
“By 2020, 60% of digital businesses
will suffer major service failures due
to the inability of IT security teams
to manage digital risk.”
Gartner, “Special Report: Cybersecurity at the Speed of Digital
Business,” May 2016.
BUSINESS DEMANDS
• Control costs and reduce complexity
• Deliver applications faster to improve time to market
• Decrease business risk in an environment of advanced persistent threats
LEGACY IT: Business supporter
Business: Takes months to add new features & products
▪ Waterfall
▪ Monolithic
Operations: Manual, costly & slow
▪ Provisioning
▪ Maintenance/patching
▪ Scaling
Security: Technical problem
▪ On top
▪ Complex
“NEW” IT: Business accelerator
Business: Deliver new products in weeks
▪ Agile
▪ Micro-services
Operations: Automatic and fast
▪ DevOps
▪ Maintenance/patching
▪ Auto-Scaling
Security: Business problem
▪ Part of business process
▪ Automated and dynamic
▪ Even more secure
Traditional Security is Not Built for CI/CD
Problem
• Security checks happen at the end of the System Development Lifecycle. Any issue sends the product back to development, causing delays
• A manual, siloed approach to security hardening robs DevOps of its agility
• Organizations are forced to trade off agility for security
CloudGuard Suite
• Visibility, compliance and governance, network security
• Preventing attacks on SaaS applications and cloud-based email
• Public Cloud - Access control and advanced threat prevention
• Controller - Adaptive security for all major cloud providers
• Private Cloud - Advanced threat prevention for East-West and North-South traffic
Public Cloud Network Security with CloudGuard IaaS and Dome9
1 Deploy the right architecture: Cloud Security Blueprint, Automated and Elastic Security
2 Protect the network data plane: CloudGuard IaaS Gateway Advanced Security
3 Protect the network control plane: CloudGuard Dome9 – Visibility and Compliance for native features
Control Plane Security with CloudGuard Dome9
1 Visibility of assets and security posture: Quickly identify misconfigurations
2 Continuous compliance: Continuously assess and enforce security best practices and compliance standards
3 Cloud Security Intelligence, Log.ic: Protect against threats and intrusions with actionable threat intelligence
Security and Compliance Testing in CI/CD Pipeline
Problem
• Security checks happen at the end of the SDLC. Any issue sends the product back to development, causing delays
• A manual, siloed approach to security hardening robs DevOps of its agility
• Organizations are forced to trade off agility for security
[Figure labels: Dome9, IaaS, Log.ic]
Private Cloud
• Auto provisioned advanced threat prevention to control East-West traffic (lateral movements)
• Isolate infected machines with advanced security engines (like IPS, Anti-Bot, Zero-day protections and access control)
LONGSTANDING PARTNERSHIP AND INNOVATION WITH VMWARE
• Strategic Global Alliance Partner
• Integrations with: ESXi, NSX, vCenter, vRO, VMware Cloud on AWS and more
• Support greatest number of releases including current NSX-V and NSX-T
• Designed NSX Multi-Channel with VMware in partnership
• First NGFW partner with full NSX Service Composer automation — driving innovation for increased automation
CHECK POINT CloudGuard AUTO-DEPLOYMENT
NSX MANAGER AUTOMATICALLY DEPLOYS AND PROVISIONS CHECK POINT CG GATEWAY ON EACH HOST
EAST-WEST SECURITY CONTROL
Use Check Point CloudGuard to control traffic access between Virtual Machines
NSX Service Chain Policy: Traffic from Partner to Legal Security Group must go through Check Point vSEC Gateway
[Restricted] ONLY for designated groups and individuals
SHARED POLICY TAGGING
Check Point tells SDN to quarantine infected apps
Shared security context between CloudGuard and SDN controllers to automatically quarantine and trigger remediation
NSX Policy
From | To | Action
Infected VM (Tagged by Check Point) | Any | Quarantine
NSX & CLOUDGUARD
OPTION 1: NATIVE + ADVANCED PROTECTION
OPTION 2: ADVANCED PROTECTION ONLY
OPTION 3: ADVANCED PROTECTION WITH EXCEPTIONS
NSX & CLOUDGUARD - UPGRADES
[Figure labels: External Network, v1, v2]
CloudGuard Controller
• Provides adaptive security policy to the changes in your cloud assets.
• Enables a unified security policy over multi-cloud and on-premise environments
APPLICATION-AWARE POLICY
[Internal Use] for Check Point employees​
AUTOMATIC UPDATES
CG controller constantly tracks changes to objects imported from the cloud management server and updates SmartConsole
LOGICAL IDENTITIES IN LOGS
CG controller includes hosts' logical names in security logs
TRUSTED ORCHESTRATION WITH R80 APIs
Check Point security is designed for cloud orchestration:
1. Policy with granular delegation privileges (per rule)
2. Policy that allows simultaneous changes
UNIFIED SECURITY FOR ALL CLOUDS
• Consistent security policy and control across Private and Public Cloud and Perimeter
• Auto-scale according to your needs
• Supports VMware Cloud on AWS
THANK YOU
Petr Kadrmas| SE Eastern Europe
pkadrmas@checkpoint.com
